Description
The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed.
Remediation
References
https://snyk.io/vuln/SNYK-JS-POSTLOADER-2403737
Related Vulnerabilities
CVE-2020-28271 Vulnerability in npm package deephas
CVE-2022-24725 Vulnerability in npm package shescape
CVE-2019-10754 Vulnerability in maven package org.apereo.cas:cas-server-support-shell
CVE-2023-29921 Vulnerability in maven package tech.powerjob:powerjob
CVE-2023-30519 Vulnerability in maven package org.jenkins-ci.plugins:quayio-trigger